Lines Matching +full:sac +full:- +full:mode
1 # SPDX-License-Identifier: GPL-2.0
156 cbc(aes), and the support for the crypto self-tests.
178 bool "Enable cryptographic self-tests"
181 Enable the cryptographic self-tests.
183 The cryptographic self-tests run at boot time, or at algorithm
188 - Development and pre-release testing. In this case, also enable
192 - Production kernels, to help prevent buggy drivers from being used
193 and/or meet FIPS 140-3 pre-operational testing requirements. In
197 bool "Enable the full set of cryptographic self-tests"
200 Enable the full set of cryptographic self-tests for each algorithm.
203 pre-release testing, but not in production kernels.
242 Authenc: Combined mode wrapper for IPsec.
254 profile. This is required for Kerberos 5-style encryption, used by
277 menu "Public-key cryptography"
280 tristate "RSA (Rivest-Shamir-Adleman)"
287 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
290 tristate "DH (Diffie-Hellman)"
294 DH (Diffie-Hellman) key exchange algorithm
301 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
304 Support these finite-field groups in DH key exchanges:
305 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
314 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
318 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
319 using curves P-192, P-256, and P-384 (FIPS 186)
328 ISO/IEC 14888-3)
329 using curves P-192, P-256, P-384 and P-521
334 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
341 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
342 RFC 7091, ISO/IEC 14888-3)
356 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
360 environments regardless of its use in feedback or non-feedback
363 suited for restricted-space environments, in which it also
374 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
384 8 for decryption), this implementation only uses just two S-boxes of
412 128-bit: 12 rounds.
413 192-bit: 14 rounds.
414 256-bit: 16 rounds.
442 Camellia cipher algorithms (ISO/IEC 18033-3)
458 tristate "CAST5 (CAST-128)"
462 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
465 tristate "CAST6 (CAST-256)"
469 CAST6 (CAST-256) encryption algorithm (RFC2612)
476 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
477 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
487 See https://ota.polyonymo.us/fcrypt-paper.txt
497 an algorithm optimized for 64-bit processors with good performance
498 on 32-bit processors. Khazad uses an 128 bit key size.
508 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
510 SEED is a 128-bit symmetric key block cipher that has been
537 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
538 ISO/IEC 18033-3:2010/Amd 1:2021)
540 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
547 (GB.15629.11-2003).
549 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
551 of the People's Republic of China (SAC).
574 Xtendend Encryption Tiny Algorithm is a mis-implementation
599 menu "Length-preserving ciphers and modes"
609 Adiantum tweakable, length-preserving encryption mode
614 an ε-almost-∆-universal hash function, and an invocation of
615 the AES-256 block cipher on a single 16-byte block. On CPUs
617 AES-XTS.
621 bound. Unlike XTS, Adiantum is a true wide-block encryption
622 mode, so it actually provides an even stronger notion of
636 bits in length. This algorithm is required for driver-based
647 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
650 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
656 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
660 in some performance-sensitive scenarios.
667 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
669 This block cipher mode is required for IPSec ESP (XFRM_ESP).
676 CTR (Counter) mode (NIST SP800-38A)
683 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
684 Addendum to SP800-38A (October 2010))
686 This mode is required for Kerberos gss mechanism support
694 ECB (Electronic Codebook) mode (NIST SP800-38A)
702 HCTR2 length-preserving encryption mode
704 A mode for storage encryption that is efficient on processors with
706 x86 processors with AES-NI and CLMUL, and ARM processors with the
718 LRW (Liskov Rivest Wagner) mode
721 narrow block cipher mode for dm-crypt. Use it with cipher
722 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
733 PCBC (Propagating Cipher Block Chaining) mode
735 This block cipher mode is required for RxRPC.
742 XCTR (XOR Counter) mode for HCTR2
744 This blockcipher mode is a variant of CTR mode using XORs and little-endian
745 addition rather than big-endian arithmetic.
747 XCTR mode is used to implement HCTR2.
755 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
758 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
773 tristate "AEGIS-128"
775 select CRYPTO_AES # for AES S-box tables
777 AEGIS-128 AEAD algorithm
780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
784 AEGIS-128 AEAD algorithm
787 - NEON (Advanced SIMD) extension
790 tristate "ChaCha20-Poly1305"
797 mode (RFC8439)
800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
807 authenticated encryption mode (NIST SP800-38C)
810 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
816 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
817 (GCM Message Authentication Code) (NIST SP800-38D)
849 tristate "Encrypted Salt-Sector IV Generator"
852 Encrypted Salt-Sector IV generator
855 dm-crypt. It uses the hash of the block encryption key as the
867 associated data (AAD) region (which is how dm-crypt uses it.)
874 combined with ESSIV the only feasible mode for h/w accelerated
888 BLAKE2b is optimized for 64-bit platforms and can produce digests
892 - blake2b-160
893 - blake2b-256
894 - blake2b-384
895 - blake2b-512
902 tristate "CMAC (Cipher-based MAC)"
906 CMAC (Cipher-based Message Authentication Code) authentication
907 mode (NIST SP800-38B and IETF RFC4493)
914 GCM GHASH function (NIST SP800-38D)
917 tristate "HMAC (Keyed-Hash MAC)"
921 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
946 known as WPA (Wif-Fi Protected Access).
952 tristate "RIPEMD-160"
955 RIPEMD-160 hash function (ISO/IEC 10118-3)
957 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
958 to be used as a secure replacement for the 128-bit hash functions
960 (not to be confused with RIPEMD-128).
962 Its speed is comparable to SHA-1 and there are no known attacks
963 against RIPEMD-160.
970 tristate "SHA-1"
974 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
978 tristate "SHA-224 and SHA-256"
982 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
983 10118-3), including HMAC support.
989 tristate "SHA-384 and SHA-512"
993 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
994 10118-3), including HMAC support.
997 tristate "SHA-3"
1001 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1008 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1014 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1020 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1034 Whirlpool hash function (ISO/IEC 10118-3)
1036 512, 384 and 256-bit hashes.
1038 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1044 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1048 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1056 xxHash non-cryptographic hash algorithm
1073 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1075 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1145 LZ4 high compression mode algorithm
1165 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1167 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1183 Hash_DRBG variant as defined in NIST SP800-90A.
1185 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1191 CTR_DRBG variant as defined in NIST SP800-90A.
1193 This uses the AES cipher algorithm with the counter block mode.
1204 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1210 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1211 compliant with NIST SP800-90B) intended to provide a seed to a
1212 deterministic RNG (e.g., per NIST SP800-90C).
1276 trade-off, however, is that the Jitter RNG now requires more time
1286 the Jitter RNG operates in an insecure mode as long as the
1344 See Documentation/crypto/userspace-if.rst and
1355 See Documentation/crypto/userspace-if.rst and
1367 See Documentation/crypto/userspace-if.rst and
1376 - resetting DRBG entropy
1377 - providing Additional Data
1391 See Documentation/crypto/userspace-if.rst and